Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

About eap ternimation

This thread has been viewed 0 times

  • 1.  About eap ternimation

    Posted Nov 05, 2017 09:09 AM

    I have a question,if I enable eap ternimation on the controller.Do I need to specify the authentication method as EAP-PEAP or EAP-TLS on the authentication server?



  • 2.  RE: About eap ternimation

    EMPLOYEE
    Posted Nov 05, 2017 09:45 AM

    EAP termination was used in the past when you could not load a server certificate on a radius server.  If you already have a radius server and you can load a server certificate on it, you should not enable termination; you should just define a radius server on the controller and have your radius server authenticate to it.  Enabling termination on the controller has a few drawbacks like having to load a server certificate on the controller and the inability to do machine authentication for Windows clients.

     

    To answer your question:  you should configure the EAP type on the authentication server.  Again, if you can put a server certificate on your radius server, you should not need to enable termination on the controller.